cvelist CERTVDE CVELIST:CVE-2024-41176
History: Aug 27, 2024 - 8:01 a.m.

CVE-2024-41176 Beckhoff: Local Denial of Service issue in package MDP included in TwinCAT/BSD

2024-08-27 08:01:57
CWE-120
CERTVDE
www.cve.org
2
beckhoff
twincat/bsd
denial of service
local attacker
mdp package
authenticated
low-privileged
code execution
root context
crafted http request

CVSS3: 6.5

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

EPSS: 0
Percentile: 9.5%

The MDP package included in TwinCAT/BSD allows an authenticated, low-privileged local
attacker to induce a Denial-of-Service (DoS) condition on the daemon and execute code in
the context of user “root” via a crafted HTTP request.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MDP package",
    "vendor": "Beckhoff",
    "versions": [
      {
        "lessThan": "1.2.7.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TwinCAT/BSD",
    "vendor": "Beckhoff",
    "versions": [
      {
        "lessThan": "14.1.2.0",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
